Hackers Set Fire To An Iranian Steelworks

Uploaded on 2022-07-20 in INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

It's extremely rare for hackers, who operate in the digital world, to cause damage in the physical world, but a cyber attack on a steel maker in Iran is being seen as a significant event.

The attack caused "massive damage" to a steel factory, causing an emergency shutdown.

A hacking group calling itself 'Predatory Sparrow' has claimed responsibility for the attack, which it said caused a serious fire and has subsequently released a video to back up its story. 

The video appears to be CCTV footage of the incident, showing factory workers leaving part of the plant before a machine starts spewing molten steel and fire. The video ends with people pouring water on the fire with hoses. In another video that surfaced online, factory staff can be heard shouting for firefighters to be called and describing damage to the equipment. 

Now, security experts are asking who is behind 'Predatory Sparrow' which some say is state-sponsored military hacking group. Its name, a play on the name of the Iranian cyber warfare group, Charming Kitten, could be a clue suggesting that it's a country with a strong interest in Iran. Also known by its Persian name, 'Gonjeshke Darande' the group say this was one of three attacks it carried out against Iranian steel makers in June, in response to unspecified acts of "aggression" carried out by the Islamic Republic.

The group has also started sharing gigabytes of data it claims to have stolen from the companies, including confidential emails. On its Telegram page Predatory Sparrow posted: "These companies are subject to international sanctions and continue their operations despite the restrictions. These cyber attacks, being carried out carefully to protect innocent individuals." That last sentence has attracted considerable attention as, from their public claim, the hackers knew that they were putting lives in danger and were careful to make sure the factory was empty before launching their attack. 

This has led many to wonder whether Predatory Sparrow is a professional and tightly regulated team of state-sponsored military hackers, who may even be obliged to carry out risk assessments before they launch an operation.

"They claim themselves to be a group of hacktivists, but given their sophistication, and their high impact, we believe that the group is either operated, or sponsored by, a nation state," says Itay Cohen, head of cyber research at Check Point Software.

Iran has been the victim of a spate of recent cyber-attacks that have had an impact in the real world but nothing as serious as this since the 2010 Stuxnet attack on Iran's uranium enrichment facilities. Stuxnet was a computer virus that damaged or destroyed centrifuges at Iran's uranium enrichment facility in Natanz, hampering its nuclear programme. The attack has been widely attributed to Israel and US military hackers working in combination, although this has never been officially confirmed.  

Since Stuxnet, there have been very few confirmed cases of physical damage and nation-state cyber attacks of this kind are more commonly designed to cause disruption, without causing real physical damage. That may now be about to change.

If Predatory Sparrow is a state-sponsored military hacking group, which country does it represent? According to Israeli media reports, Defence Minister Benny Gantz has ordered an investigation into leaks that led to Israeli journalists heavily hinting that Israel is behind the hack. The minister is possibly concerned that Israel's "ambiguity policy" on its operations against Iran might have been broken.

In October last year Predatory Sparrow claimed responsibility for taking Iran's national fuel station payment system offline. The group also said it had been behind a hack that hijacked digital billboards on roads, making them display a message saying, "Khamenei, where is our fuel?" - a reference to the country's supreme leader, Ayatollah Ali Khamenei. In both cases, the hackers showed a degree of responsibility by warning Iran's emergency services in advance about the potential chaos that could result.

Check Point researchers say they have also found code in the malicious software used by Predatory Sparrow that matches code used by another group, called Indra, that is thought to have hacked Iranian train station displays in 2021. The steel factory attack, however, is a sign that the stakes are getting higher.

IQStock:    HeadTopics:     BBC:     Yahoo:        Shout Radio:    Userwalls:     Nation World News:  

You Might Also Read: 

Israel & Iran Locked In Cyber Conflict:

 

« Migrating to the Cloud: Security Risks and Concerns
Millions Of Canadian Households & Businesses Offline »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DriveLock

DriveLock

Our security solution is designed to prevent external attacks, which are evermore sophisticated as well as monitor, document and even prevent internal incidents.

Infiltrate

Infiltrate

INFILTRATE is a deep technical conference that focuses entirely on offensive security issues.

Devo Technology

Devo Technology

Devo Security Operations is a next-gen cloud SIEM that enables you to gain complete visibility, reduce noise, and focus on the threats that matter most to the business.

NTNU Center for Cyber & Information Security (NTNU CCIS)

NTNU Center for Cyber & Information Security (NTNU CCIS)

NTNU CCIS is a national centre for research, education, testing, training and competence development within the area of cyber and information security.

Innotec Security

Innotec Security

Innotec Security is a Spanish company specializing in cybersecurity-as-a-service, cyber resilience and cyber risk management.

Sponge

Sponge

Cybersecurity Sorted by Sponge is a seriously engaging training game to make your staff the first line of defence against cyber threats.

Outsource UK

Outsource UK

Outsource UK is an independent recruitment company supplying highly-skilled technology, change and engineering talent to clients within a range of specialist sectors including Cyber Security.

Get Safe Online

Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety.

World Congress on Industrial Control Systems Security (WCICSS)

World Congress on Industrial Control Systems Security (WCICSS)

The World Congress on Industrial Control Systems Security (WCICSS) is focused on emerging trends in protection of industrial control systems.

Project Moore

Project Moore

Project Moore is an Amsterdam law firm specialising in IT-law and privacy.

Ciphertex Data Security

Ciphertex Data Security

Ciphertex is a leading data security company that specializes in portable data encryption and privacy protection storage systems.

Avetta

Avetta

Avetta One is the industry’s largest Supply Chain Risk Management (SCRM) platform. It enables clients to manage supply chain risks and suppliers to prove the value of their business.

FastNetMon

FastNetMon

FastNetMon is a very high performance DDoS detection and mitigation tool which could detect malicious traffic in your network and immediately block it.

Amazon Web Services (AWS)

Amazon Web Services (AWS)

Amazon Web Services is the world’s most comprehensive and broadly adopted cloud platform, offering fully featured services from data centers globally.

DruvStar

DruvStar

DruvStar provides B2B cybersecurity around threat management to strengthen businesses across attack vectors.

CentriVault

CentriVault

CentriVault is a leading independent provider of Cyber Security and Data protection services to small and medium enterprises (SMEs).